Hello,
The US Federal PKI is looking for public comment *by October 30* on its
draft Certificate Policy for a new PKI intended for public trust:
- Background: https://devicepki.idmanagement.gov
- Request for comment: https://devicepki.idmanagement.gov/requestcomment/
- CP itself:
I tried to write the CABForum WG charter so that it did not include changes to
the CAA specification itself; these should indeed be handled at the IETF level.
This WG is about adoption of CAA in the Baseline Requirements. Some topics we
might cover are:
- Requirement for DNSSEC checking—for
Once again, thanks to Li-Chun and Chunghwa Telecom for hosting a great and
productive meeting in TaipeI!
As a reminder - the Notetakers on the topics listed below need to upload their
notes to the wiki, so we can have final Minutes to approve and publish. Thanks.
Mozilla Root Program Update
Sure, but this didn't answer my questions, and I'm guessing was just a
quick reply.
I questioned both the motive and the problem statement, and it didn't seem
like there were good answers. I'm hoping you could revisit, and we can see
how much of a problem this is in actual practice.
On Thu, Oct
I believe your interpretation is correct - it is an authoritative positive
response of non-existence (meaning not a failure)
On Fri, Oct 6, 2017 at 2:43 PM, Doug Beattie via Public wrote:
>
>
> I understand the need to reject CAA lookups if there is DNSSEC on the zone
>
Ryan,
One issue with the qualified audit, as was expressed during the face-to-face
meeting, although I haven’t been able to find it, is that Microsoft apparently
requires the WebTrust seal, which is based on an unqualified audit. If anyone
can point me to the requirement, I’d appreciate
On Fri, Oct 6, 2017 at 12:07 PM, Gervase Markham via Public <
public@cabforum.org> wrote:
> During the CAB Forum face-to-face in Taipei, it was noted that the BRs
> currently state something which implies something which is not true in
> practice.
>
Gerv,
I think it's useful here to distinguish